Hackin9

A reader, Greg, wrote in with a query on another internet scanning project. He checked out the IP address and it led to a web site, www[.]internetscanningproject.org, which states:


"Hello! You've reached the Internet Scanning Project.

We're computer security researchers performing periodic Internet-wide health assessments.

If you reached this site because of activity you observed on your network:

We apologize for any concern caused by our network activity. We are not specifically targeting your network.

We have not attempted to unlawfully access or abuse your network in any way. We are exclusively accessing publicly available servers, we respect all authentication barriers, and (as you can see) we have made no attempt to hide our activity.

This effort is part of a research project in which we are engaged in with view to possibly contributing to public Internet health datasets. We believe research of this sort is both legal and beneficial to the security of the Internet as a whole.

However, if you wish to be excluded from our scanning efforts after reading the clarifying information below, please email us with IP addresses or CIDR blocks to be added to our blacklist."

It does not provide any information or assurances that this is a legitimate research project, and I wouldn't want to be sending information to unknown people via an unattributable web site. The normal low-level open source searching doesn't reveal anything of use or attribution either. It does, however, bring up a fair number of hits from people asking what these scans are and the best way to block them.

It appears this scanning has been running for a couple of weeks and has been using multiple IP addresses (see https://isc.sans.edu/topips.txt for some examples). A curious point, for a "legitimate" scan, is that they have started changing the User Agent frequently, in some cases to some very odd nonsensical strings. The core scans are against TCP ports 21, 22 and 443, and the 443 scans may trigger alerts for probing on the Heartbleed bug.

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The organizers of the FirstNet LTE public safety network have the frequencies and standards they need to build the system, and they know where the money's coming from. They know how to get there from here, but it won't be a quick trip.
 
Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
 
A bill that allows consumers to unlock their cellphones for use on other carriers passed its last hurdle in Congress on Friday, opening the way for it to become law once it is signed by President Barack Obama.
 
New York start-up goTenna has created a portable antenna that could come in handy when cellular service is unavailable.
 
Oracle database shops that have or are planning to download the latest version of 12c take warning: The vendor's newly launched, much-hyped in-memory processing database option is turned on by default, according to one expert.
 
Apple still has redemption codes available for its public beta of OS X Yosemite.
 
Headphone maker Bose has launched a patent-infringement lawsuit against rival Beats Electronics, which Apple recently agreed to acquire in a US$3 billion deal.
 
The U.S. Securities and Exchange Commission has dropped its investigation into disclosures about Facebook advertising sales before the company went public in 2012.
 
Oracle Java SE CVE-2014-4268 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-4264 Remote Security Vulnerability
 
Barracuda Networks Web Firewall Multiple HTML Injection Vulnerabilities
 
Microsoft Internet Explorer CVE-2014-2813 Remote Memory Corruption Vulnerability
 
Microsoft Internet Explorer CVE-2014-2806 Remote Memory Corruption Vulnerability
 
NASA has released CAD files that can be used by 3D printers to create models of 21 different objects, from space probes and satellites to asteroids and planetary features.
 
During an earnings call this week, Microsoft CEO Satya Nadella repeatedly promoted Lumia smartphones running on the Windows Phone platform. The call was just five days after the company announced a record 18,000 layoffs that raised concerns about Microsoft's long-term commitment to its phones.
 
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around $111,000, for a method to identify users on the Tor network.
 

The Russian Ministry of Internal Affairs (MVD) has offered a 3.9 million ruble (approximately $111,000) contract for technology that can identify the users of Tor, the encrypted anonymizing network used by Internet users seeking to hide their activities from monitoring by law enforcement, government censors, and others.

In a notice on the Russian government’s procurement portal under the title “Perform research, code ‘TOR’ (Navy),” originally posted on July 11, the MVD announced it was seeking proposals for researchers to “study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network.” The competition, which is open only to Russian citizens and companies, requires entrants to pay a 195,000 ruble (approximately $5,555) application fee. Proposals are due by August 13, and a winner of the contract will be chosen by August 20.

The MVD had previously sought to ban the use of any anonymizing software. That proposal was dropped last year. However, a new “blogger law” passed in April, which goes into effect in August, requires all bloggers with an audience of over 3,000 readers to register their identity with the government—and enforcement of the law could be made difficult if bloggers use the Tor network to retain their anonymity.


 
Cisco WebEx Meetings Server CVE-2014-3301 Information Disclosure Vulnerability
 
Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
 
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities
 
BulletProof FTP Client Local Buffer Overflow Vulnerability
 
Apple QuickTime 'mvhd' Atom Heap Memory Corruption Vulnerability
 
Siemens SIMATIC WinCC and PCS 7 CVE-2014-4685 Local Privilege Escalation Vulnerability
 
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
 
Easy file sharing web server - persist XSS in forum msgs
 
[SECURITY] [DSA 2989-1] apache2 security update
 
Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
 
[SECURITY] [DSA 2988-1] transmission security update
 
Unless Microsoft radically changes its habits, it will throw Windows 8 down a deep memory hole even before a successor ships.
 
IPython Notebook Websocket Hijacking Remote Code Execution Vulnerability
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated qemu-kvm-rhev packages that fix several security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for Red Hat Enterprise Linux 7. [More...]
 
LinuxSecurity.com: Updated openstack-nova packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for Red Hat Enterprise Linux 7. [More...]
 
LinuxSecurity.com: Updated python-django-horizon packages that fix three security issues, multiple bugs, and add an enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for Red Hat Enterprise Linux 7. [More...]
 
LinuxSecurity.com: LZO could be made to crash or run programs if it processed specially crafted data.
 
LinuxSecurity.com: A security issue was fixed in Jinja2.
 
Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned
 
A new study ties Facebook, and by proxy social networks in general, to increased divorce rates. While the write-up goes to a great deal of trouble to suggest that further work will be needed to prove that Facebook causes divorce, the report presents pretty damning evidence.
 
Call me old fashioned, but unlike Joaquin Phoenix in the film "Her," I'll never fall in love with a computer, Apple's Siri, or any other digital assistant. Siri is helpful, but does it work as well as Google Now? According to Gene Munster, a Piper Jaffray analyst who performed a rather painstaking analysis of the subject, there's almost no difference between the two -- though the Android version has a very slight edge.
 
Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
 
Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.
 
As researchers at Worcester Polytechnic Institute make their humanoid robot more autonomous, they're getting ready to get an upgrade robot this fall.
 
For the first time since 2000, Apple is allowing public beta testers to try out a prerelease version of OS X. Ryan Faas tells testers what to do and what to avoid.
 

Posted by InfoSec News on Jul 25

http://www.defenseone.com/technology/2014/07/cia-fears-internet-things/89660/

By Patrick Tucker
Defense One
July 24, 2014

The major themes defining geo-security for the coming decades were
explored at a forum on “The Future of Warfare” at the Aspen Security Forum
on Thursday, moderated by Defense One Executive Editor Kevin Baron.

Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s
directorate of science and...
 

Posted by InfoSec News on Jul 25

http://www.jpost.com/Defense/Israel-to-intensify-cyber-security-as-end-of-Ramadan-approaches-368891

By JPOST.COM STAFF
07/25/2014

The Shin Bet (Israel Security Agency) and the IDF were prepared to operate
in the face of intensified threats of cyber warfare in the coming days
ahead of commemorative days in the Muslim world that fall on the last days
of the month of Ramadan.

Along with Israel's general cyber security activities, the...
 

Posted by InfoSec News on Jul 25

http://www.nation.co.ke/oped/Opinion/technology-we-need-to-find-ways-to-deal-with-risks--/-/440808/2396320/-/3jknwt/-/index.html

By MATUNDA NYANCHAMA
Daily Nation
JULY 24, 2014

A few days ago, the Kenya Defence Forces Twitter handle was taken over by
hackers. The same happened to the Twitter handle of the defence forces
spokesman Emmanuel Chirchir.

Those familiar with the two accounts obviously noticed the change in tone
in the updates,...
 

Posted by InfoSec News on Jul 25

http://www.itpro.co.uk/security/22771/hackers-hit-the-european-central-bank

By Clare Hopping
ITPro.co.uk
25 July, 2014

Hackers targeted the European Central Bank on Monday, stealing personal
information data after requesting a ransom.

The hacker, whose identity is not known, stole 20,000 email addresses,
plus telephone numbers and addresses.

The details are said to belong to people who registered for ECB events and
although some of the...
 

Posted by InfoSec News on Jul 25

http://healthitsecurity.com/2014/07/24/how-healthcare-can-learn-from-retails-it-security-mistakes/

By Patrick Ouellette
Health IT Security
July 24, 2014

There’s little doubt the healthcare industry’s perception of security and
compliance has changed to a serious one within the past few years. While
regulatory demands and business needs are certainly strong drivers, what
should healthcare organizations be focusing on as cybersecurity...
 

-- Bojan INFIGO IS

 
Internet Storm Center Infocon Status